package com.qm.console.controller.rest;

import com.alibaba.fastjson.JSONObject;
import com.qm.console.controller.response.BaseResponse;
import com.qm.console.model.UserInfo;
import com.qm.console.service.UserInfoService;
import com.qm.console.controller.response.BaseResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created by Edison.hu on 18/7/25.
 */


@RestController
public class HomeController {

    @Autowired
    UserInfoService userInfoService;

    @RequestMapping("/index")
    public String index(){
        // shiroLoginFailure:就是shiro异常类的全类名.
        Subject subject = SecurityUtils.getSubject();
        UserInfo activeUser = (UserInfo) subject.getPrincipal();
        return"index";
    }

    // 这里如果不写method参数的话，默认支持所有请求，如果想缩小请求范围，还是要添加method来支持get, post等等某个请求。
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public BaseResponse login(@RequestBody JSONObject logininfo) throws Exception {
        userLogout();
        JSONObject data = new JSONObject();
        data.put("token", "");
        // data.put("username", logininfo.getString("username"));
        // 登录失败从request中获取shiro处理的异常信息。
        // shiroLoginFailure:就是shiro异常类的全类名.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(logininfo.getString("username"),logininfo.getString("password"));
        BaseResponse results = new BaseResponse(data);
        try {
            subject.login(token);
            data.put("token", subject.getSession().getId());
            results.put("msg", "登录成功");
        } catch (IncorrectCredentialsException e) {
            results.put("code", -1);
            results.put("msg", "密码错误");
        } catch (LockedAccountException e) {
            results.put("code", -1);
            results.put("msg", "登录失败，该用户已被冻结");
        } catch (AuthenticationException e) {
            results.put("code", -1);
            results.put("msg", "该用户不存在");
        } catch (Exception e) {
            results.put("code", -1);
            results.put("msg", "unknown error");
            e.printStackTrace();
        }
        return results;
    }

    @RequestMapping(value = "/anonymous")
    public BaseResponse anonymous() {
        JSONObject data = new JSONObject();
        BaseResponse results = new BaseResponse(10001,"用户未登录",data);
        return results;
    }

    @RequestMapping("/403")
    public BaseResponse unauthorizedRole(){
        JSONObject data = new JSONObject();
        BaseResponse results = new BaseResponse(10001,"没有此权限",data);
        return results;
    }

    @RequestMapping("/logout")
    public String userLogout(){
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.logout();
        return "logout";
    }

}
